
Imagine you are an Information Security (InfoSec) Specialist employed by the Makestuff Company, and assigned to the company’s Incident Response Team.

You have been notified by Mr. Hirum Andfirum, Human Resources Director for Makestuff, that the company has just terminated Mr. Got Yourprop, a former engineer in the company’s New Products Division, for cause.

Mr. Andfirum tells you that, at Mr. Yourprop’s exit interview earlier that day, the terminated employee made several statements to the effect of “it’s okay because I have a new job already and they are VERY happy to have me come from Makestuff, with ALL I have to offer.” Mr. Yourprop’s statements made Mr. Andfirum fear he might be taking Makestuff’s intellectual property with him to his new employer (undoubtedly a Makestuff competitor). In particular, Mr. Andfirum is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years. Mr. Andfirum provides you a copy of the source code to use in your investigation.

Lastly, Mr. Andfirum tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in the future, so anything you do should be with thought about later potential admissibility in court.

With the scenario in mind, thoroughly answer the following questions (in paragraph format, properly citing outside research, where appropriate):

1.      What permissions/authorities should you have before you search Mr. Yourprop’s former Company work area, and how would you document that authority?

2.      (Looking at the photo of Mr. Yourprop’s work area, provided for Project 2 in the Course Content area) Identify three (3) potential items of digital evidence you see in the photo. For EACH item of digital evidence you identified, explain what potential use that item would be to your investigation (e.g., what type of data that item might hold) AND how you would collect that item as evidence (with emphasis on your care and handling of that item consistent with digital forensic best practices described in your textbook).

3.      (Looking at the photo of Mr. Yourprop’s work area, provided for Project 2 in the Course Content area) Identify three (3) potential items of non-digital evidence you see in the photo. For EACH item of non-digital evidence you identified, explain what potential use that item would be to your investigation AND how you would collect that item as evidence.

4.      (Looking at the Evidence Custody Document and item photographs, provided for Project 2 in the Course Content area) Read the Evidence Custody Document prepared by one of your co-workers, in which he is attempting to seize the three items pictured in the accompanying photos. Did your co-worker adequately describe each item? What could you add to the descriptions, and for which items (based on what you see in the photos), to make them more complete and serve as an example to your co-worker of what they SHOULD look like?

5.      How should the items you collected as evidence be stored in your evidence room? Describe any environmental conditions or concerns for your evidence room (digital evidence can require some unique considerations!), as well as any security procedures that should be in place.

Solution

_____________________________________________________________________________________

2) I have to check the OODA loop (Observe, Orient, Decide, and Act), which is used in defense and business communications.

I have to perform a high-level analysis. When assessing security, the computer is the physical device, the items of information and the services. I came to know that storage devices such as hard drives, external hard drives, removable media, thumb drives and memory cards may hold information.

Check hardware and software, documents, photos, image files, e-mail and attachments, databases, financial information, Internet browsing history, chat logs, event logs and finally data stored on external devices.

I am going to seize my evidence here.

Storage devices: Check whether Yourprop’s stored data can be altered, damaged or destroyed.

Camera: Check to whom Yourprop talked, and whether any illegal money was given to him or he transferred the inventory to an unknown party of the company.

Paper Evidence Bag:

Check whether Yourprop had written any letters to outside parties regarding the new product; if so, get the parties’ names, phone numbers and e-mail addresses. Also, do not forget to check whether somebody threatened him.

__________________________________________________________________________________

3. Hard-copy printouts of digital information are not digital evidence.

Fingerprints: To analyze who is involved in this case; it may also be another employee of the same company.

Paper: It shows a document related to important code.

___________________________________________________________________

4) No, he/she did not adequately explain the 3 items which they have seized.

___________________________________________________________________

5)

All physical items that are collected as evidence must be labeled, packaged and transported to a forensic laboratory.

Ensure that all digital evidence collected is properly documented, labeled, marked, photographed, video recorded or sketched and inventoried before it is packaged.   All connections and connected devices should be labeled for easy reconfiguration of the system later.

Pack all digital evidence in antistatic packaging. Only paper bags and envelopes, cardboard boxes, and antistatic containers should be used for packaging digital evidence.

Plastic materials should not be used when collecting digital evidence because plastic can produce electricity and allow humidity, which leads to damage.

Ensure that all digital evidence is packaged in a manner that prevents it from being bent, scratched, or otherwise deformed.

Label all containers used to package and store digital evidence clearly and properly.

Leave cellular and mobile devices in the power state in which they were found.

Avoid keeping digital evidence in a vehicle for prolonged periods of time. Heat or cold can damage or destroy digital evidence.

Document the transportation of the digital services and maintain the chain of custody on all evidence transported.

Collect all power supplies and adapters for all electronic devices seized.

    
